US12250326B2ActiveUtilityA1

Certificate entitlement licenses for authenticating public key infrastructure certificate enrollment

81
Assignee: MOTOROLA SOLUTIONS INCPriority: Aug 26, 2022Filed: Aug 26, 2022Granted: Mar 11, 2025
Est. expiryAug 26, 2042(~16.1 yrs left)· nominal 20-yr term from priority
H04L 9/0861H04L 9/0825H04L 9/3268H04L 9/3263H04L 63/0823
81
PatentIndex Score
2
Cited by
23
References
17
Claims

Abstract

Systems and methods for authenticating public key infrastructure certificate enrollment using certificate entitlement licenses. One example system includes a device manager including an electronic processor. The electronic processor is configured to receive a request for software for an electronic device including a unique electronic device identifier. The electronic processor is configured to determine, based on the request, whether the electronic device is entitled to participate in a certificate management service. The electronic processor is configured to, responsive to determining that the electronic device is entitled to participate in a certificate management service, transmit a certificate entitlement license request including the unique device identifier to a certificate entitlement license manager. The electronic processor is configured to receive, from the certificate entitlement license manager, a certificate entitlement license for the unique device identifier. The electronic processor is configured to deliver the certificate entitlement license based on the unique device identifier.

Claims

exact text as granted — not AI-modified
We claim: 
     
       1. A system for authenticating public key infrastructure certificate enrollment, the system comprising:
 a device manager including an electronic processor configured to: 
 receive a request for access to an external software service, the request being generated by an electronic device connect service on behalf of an electronic device, the request including a unique electronic device identifier; 
 determine, based on the request, whether the electronic device is entitled to participate in the certificate management service; 
 responsive to determining that the electronic device is entitled to participate in a certificate management service, transmit a certificate entitlement license request including the unique device identifier to a certificate entitlement license manager; 
 receive, from the certificate entitlement license manager, a certificate entitlement license for the unique device identifier; and 
 deliver the certificate entitlement license based on the unique device identifier; 
 wherein the electronic device connect service is either internal or external to the electronic device. 
 
     
     
       2. The system of  claim 1 , wherein delivering the certificate entitlement license includes transmitting a secure software package including the certificate entitlement license to the electronic device. 
     
     
       3. The system of  claim 1 , further comprising:
 the certificate entitlement license manager; 
 wherein the certificate entitlement license manager includes a second electronic processor configured to, responsive to receiving the certificate entitlement license request, generate the certificate entitlement license for the unique device identifier. 
 
     
     
       4. The system of  claim 3 , wherein the second electronic processor is further configured to:
 receive, from the electronic device, a certificate request including a certificate entitlement license identifier associated with the certificate entitlement license, the unique device identifier, and a device type for the electronic device; 
 validate the certificate request based on the certificate entitlement license identifier and the unique device identifier; 
 responsive to validating the certificate request, generate a public key certificate based on a profile associated with the device type and the certificate request; and 
 transmit, to the electronic device, the public key certificate. 
 
     
     
       5. The system of  claim 4 , wherein:
 the certificate request further includes a service type; and 
 the electronic processor is further configured to generate the public key certificate based on a profile associated with the device type and the service type. 
 
     
     
       6. The system of  claim 1 , wherein:
 wherein delivering the certificate entitlement license includes delivering at least one selected from a group consisting of a certificate entitlement license identifier, a certificate entitlement license value, a certificate entitlement license validity period, the unique device identifier, and a device type for the electronic device. 
 
     
     
       7. The system of  claim 1 , wherein the certificate entitlement license request further includes at least one selected from a group consisting of a device type and a service type. 
     
     
       8. A method for authenticating public key infrastructure certificate enrollment comprising:
 receiving, at a device manager, a request for access to an external software service, the request being generated by an electronic device connect service on behalf of an electronic device, the request including a unique electronic device identifier; 
 determining, with the device manager, based on the request, whether the electronic device is entitled to participate in a certificate management service; 
 responsive to determining that the electronic device is entitled to participate in the certificate management service, transmitting a certificate entitlement license request including the unique device identifier to a certificate entitlement license manager; 
 receiving, from the certificate entitlement license manager, a certificate entitlement license for the unique device identifier; and 
 delivering, with the device manager, the certificate entitlement license based on the unique device identifier; 
 wherein the electronic device connect service is either internal or external to the electronic device. 
 
     
     
       9. The method of  claim 8 , further comprising:
 wherein delivering the certificate entitlement license includes generating, based on the unique device identifier, a secure software package including the certificate entitlement license; and 
 transmitting the secure software package to the electronic device. 
 
     
     
       10. The method of  claim 8 , further comprising:
 generating, with the certificate entitlement license manager, a certificate entitlement license for the unique device identifier in response to receiving the certificate entitlement license request. 
 
     
     
       11. The method of  claim 8 , further comprising:
 receiving, by the certificate entitlement license manager from the electronic device, a certificate request including a certificate entitlement license identifier associated with the certificate entitlement license, the unique device identifier, and a device type for the electronic device; 
 validating, with the certificate entitlement license manager, the certificate request based on the certificate entitlement license identifier and the unique device identifier; 
 responsive to validating the certificate request, generating a public key certificate based on a profile associated with the device type and the certificate request; and 
 transmitting, to the electronic device, the public key certificate. 
 
     
     
       12. The method of  claim 11 , further comprising:
 generating the public key certificate based on a profile associated with the device type and a service type. 
 
     
     
       13. The method of  claim 8 , wherein:
 wherein delivering the certificate entitlement license includes delivering at least one selected from a group consisting of a certificate entitlement license identifier, a certificate entitlement license value, a certificate entitlement license validity period, the unique device identifier, and a device type for the electronic device. 
 
     
     
       14. The method of  claim 8 , wherein the certificate entitlement license request further includes at least one selected from a group consisting of a device type and a service type. 
     
     
       15. A device comprising:
 an electronic processor configured to: 
 receive, via an application programming interface, a certificate entitlement license request including a unique device identifier identifying an electronic device and a device type for the electronic device; 
 validate the certificate entitlement license request based on the device type; 
 responsive to validating the certificate entitlement license request, generate a certificate entitlement license for the unique device identifier; 
 transmit, via the application programming interface, the certificate entitlement license based on the unique device identifier; 
 receive, from the electronic device, a certificate request including certificate entitlement license identifier associated with the certificate entitlement license, the unique device identifier, and a device type for the electronic device; 
 validate the certificate request based on the certificate entitlement license identifier and the unique device identifier; 
 responsive to validating the certificate request, generate a public key certificate based on a profile associated with the device type and the certificate entitlement license identifier; and 
 transmit, to the electronic device, the public key certificate. 
 
     
     
       16. The device of  claim 15 , wherein:
 the certificate request further includes a service type; and 
 the electronic processor is further configured to generate the public key certificate based on a profile associated with the device type, the certificate entitlement license identifier, and the service type. 
 
     
     
       17. The device of  claim 15 , wherein the electronic processor is further configured to transmit the certificate entitlement license by transmitting a certificate entitlement license response message that includes at least one selected from a group consisting of a certificate entitlement license identifier, a certificate entitlement license value, a certificate entitlement license validity period, the unique device identifier, the device type, and a message checksum.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.